Lucene search
China National Vulnerability DatabaseCNVD-2023-03052HistoryJan 12, 2023 - 12:00 a.m.
SAP NetWeaver AS Access Control Error Vulnerability
2023-01-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
14
sap
netweaver
access control
vulnerability
attack
api
unauthorized operations
0.003 Low
EPSS
Percentile
66.1%
SAP NetWeaver AS is a SAP Web Application Server from SAP Germany. It not only provides network services, but is also the basic platform for SAP software. The Java-based SAP NetWeaver AS version 7.50 contains an access control error vulnerability that stems from improper access control and could be exploited by an unauthenticated attacker to attach to open interfaces and access services using open naming and directory APIs, which could be used to perform unauthorized operations affecting users and data on the current system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sap sap netweaver as | eq | 7.5 |
Related
nvd
nvd
CVE-2023-0017
2023-01-10 04:15:09
cve
cve
CVE-2023-0017
2023-01-10 04:15:09
prion
prion
Improper access control
2023-01-10 04:15:00
cvelist
cvelist
CVE-2023-0017 Improper access control in SAP NetWeaver AS for Java
2023-01-10 03:18:57
nessus
nessus
SAP NetWeaver AS Java Improper Access Control (3268093)
2023-01-13 00:00:00
wallarmlab
wallarmlab
Private APIs at Risk: Q1-2023 API ThreatStats™ Report
2023-06-01 18:52:26
Don’t Let API Leaks Sink Your Ship | API Security Newsletter
2023-02-02 14:24:48